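1 FTP background
What is FTP
FTP is short for File Transfer Protocol (abbreviated in Chinese as "文传协议"). It controls two-way file transfer over the Internet, and it is also an application. Different operating systems have different FTP applications, but all of them follow the same protocol to transfer files. Two terms come up constantly when using FTP: "download" and "upload". Downloading copies a file from the remote host to your own computer; uploading copies a file from your own computer to the remote host. In Internet terms, a user uploads files to (or downloads files from) a remote host through a client program.
Software that implements the protocol
vsftp
vsftpd stands for "very secure FTP daemon", and security is its most prominent feature. vsftpd is the name of a server that runs on UNIX-like operating systems such as Linux, BSD, Solaris and HP-UX. It is completely free, open-source FTP server software and supports many features that other FTP servers lack, for example: very high security requirements, bandwidth limiting, good scalability, virtual users, IPv6 support and high throughput. [1]
vsftpd is the most highly regarded FTP server program among Linux distributions. It is small, fast, secure and easy to use.
Other FTP daemon suites commonly used on open-source operating systems include ProFTPD, PureFTPd and wu-ftpd.
tftp
TFTP (Trivial File Transfer Protocol) is a protocol in the TCP/IP suite for simple file transfer between a client and a server; it provides an uncomplicated, low-overhead file transfer service. Its port number is 69.
How FTP communicates
Active mode: the client sends a request to the server, and the server then opens the connection to the client and transfers data from port 20 (this requires the client's IP address to be visible on the Internet).
Passive mode: the server opens a random port and sends data to the client over it. This mode is used more often, but because the port is random it is hard to control with a firewall.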
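The `227 Entering Passive Mode (...)` replies in the transcripts on this page encode the data-connection endpoint as six decimal bytes. As an added example (not part of the original page), the parser below decodes them and reports which ones a range-based firewall rule would miss; the range 50000-50100 is an assumption, as is pinning vsftpd to it with its `pasv_min_port` / `pasv_max_port` options, which the page does not use.

```python
import re

# A 227 reply carries (h1,h2,h3,h4,p1,p2): host h1.h2.h3.h4, port p1*256 + p2.
PASV_RE = re.compile(
    r"^227\b[^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Decode a '227 Entering Passive Mode (...)' reply into (host, port)."""
    match = PASV_RE.match(reply.strip())
    if match is None:
        raise ValueError("not a PASV reply: %r" % reply)
    fields = [int(group) for group in match.groups()]
    if any(field > 255 for field in fields):
        raise ValueError("field larger than one byte: %r" % reply)
    host = ".".join(str(field) for field in fields[:4])
    return host, fields[4] * 256 + fields[5]


def audit_pasv(replies, control_host, port_lo, port_hi):
    """Return (port, problem) for each reply that a firewall rule for
    port_lo..port_hi would not cover, or whose advertised host is not the
    server the control connection was opened to."""
    problems = []
    for reply in replies:
        host, port = parse_pasv(reply)
        if host != control_host:
            problems.append((port, "data host %s differs from control host" % host))
        elif not port_lo <= port <= port_hi:
            problems.append((port, "port outside %d-%d" % (port_lo, port_hi)))
    return problems


# The first three replies are copied from the transcripts on this page;
# the last two are constructed for this example.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,168,1,11,93,120).",
    "227 Entering Passive Mode (192,168,1,11,149,33).",
    "227 Entering Passive Mode (192,168,1,11,214,139).",
    "227 Entering Passive Mode (192,168,1,11,195,90).",  # constructed, in range
    "227 Entering Passive Mode (10,0,0,5,195,90).",      # constructed, other host
]

if __name__ == "__main__":
    # Assumed firewall range 50000-50100 (not from the page).
    for port, problem in audit_pasv(SAMPLE_REPLIES, "192.168.1.11", 50000, 50100):
        print(port, problem)
```

Every port taken from the page's transcripts falls outside the assumed range, which is the firewall problem the passive-mode description refers to.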
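Data transfer
There are two transfer types: character (text) and binary.
Text files can use either type; non-text files must use binary, because transferring them in text mode corrupts the file.
Server: the default is binary mode.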
2 FTP: anonymous users
2.1 FTP: anonymous user download
- --Step 1: install vsftpd
- [root@serv01 ~]# yum install vsftpd -y
- --Step 2: test the configuration file parameter listen
- [root@serv01 ~]# rpm -ql vsftpd
- [root@serv01 ~]# cd /etc/vsftpd/
- [root@serv01 vsftpd]# ll
- [root@serv01 vsftpd]# mv vsftpd.conf vsftpd.conf.bak
- [root@serv01 vsftpd]# cp vsftpd.conf.bak vsftpd.conf
- [root@serv01 vsftpd]# ll
- #The file is empty, so startup fails
- [root@serv01 vsftpd]# echo "" >vsftpd.conf
- [root@serv01 vsftpd]# /etc/init.d/vsftpd start
- Starting vsftpd for vsftpd: 500 OOPS: vsftpd: not configured for standalone, must be started from inetd
- [FAILED]
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- [root@serv01 vsftpd]# /etc/init.d/vsftpd start
- Starting vsftpd for vsftpd: [ OK ]
- --Step 3: install the FTP client on serv02
- #FTP client
- [root@serv02 ~]# yum install ftp -y
- #Anonymous user
- [root@serv02 vsftpd]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): ftp
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp>
- ftp> ?
- Commands may be abbreviated. Commands are:
- ! debug mdir sendport site
- $ dir mget put size
- account disconnect mkdir pwd status
- append exit mls quit struct
- ascii form mode quote system
- bell get modtime recv sunique
- binary glob mput reget tenex
- bye hash newer rstatus tick
- case help nmap rhelp trace
- cd idle nlist rename type
- cdup image ntrans reset user
- chmod lcd open restart umask
- close ls prompt rmdir verbose
- cr macdef passive runique ?
- delete mdelete proxy send
- ftp> ls
- 227 Entering Passive Mode (192,168,1,11,93,120).
- 150 Here comes the directory listing.
- drwxr-xr-x 2 0 0 4096 Aug 13 10:29 pub
- 226 Directory send OK.
- [root@serv02 ~]# cd /var/ftp/pub/
- [root@serv02 pub]# cp /boot/initramfs-2.6.32-131.0.15.el6.x86_64.img .
- ftp> cd pub
- 250 Directory successfully changed.
- ftp> ls
- 227 Entering Passive Mode (192,168,1,11,149,33).
- 150 Here comes the directory listing.
- -rw-r--r-- 1 0 0 12587318 Aug 13 10:29 initramfs-2.6.32-131.0.15.el6.x86_64.img
- 226 Directory send OK.
- ftp> get initramfs-2.6.32-131.0.15.el6.x86_64.img
- local: initramfs-2.6.32-131.0.15.el6.x86_64.img remote: initramfs-2.6.32-131.0.15.el6.x86_64.img
- 227 Entering Passive Mode (192,168,1,11,105,144).
- 150 Opening BINARY mode data connection for initramfs-2.6.32-131.0.15.el6.x86_64.img (12587318 bytes).
- 226 Transfer complete.
- 12587318 bytes received in 0.0368 secs (341693.86 Kbytes/sec)
- ftp> exit
- 221 Goodbye.
- [root@serv02 vsftpd]# ls initramfs-2.6.32-131.0.15.el6.x86_64.img
- initramfs-2.6.32-131.0.15.el6.x86_64.img
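2.2 FTP: anonymous user upload
- [root@serv01 vsftpd]# man vsftpd.conf
- #!ls: lists files and directories on the local machine
- #ls: lists files and directories on the server
- --Step 1: edit the configuration file and add the anon_upload_enable parameter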
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- anon_upload_enable=yes
- --Step 2: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 3: test from serv02
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): ftp
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> !ls
- aa01.txt anaconda-ks.cfg initramfs-2.6.32-131.0.15.el6.x86_64.img install.log install.log.syslog
- #Uploading the file fails: permission denied
- ftp> put aa01.txt
- local: aa01.txt remote: aa01.txt
- 227 Entering Passive Mode (192,168,1,11,152,86).
- 550 Permission denied.
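- --Step 4: change the permissions of the ftp directory; logging in again now fails, and after restoring the permissions login works normally (this is a security measure)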
- [root@serv01 var]# pwd
- /var
- [root@serv01 var]# chmod 777 ftp
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): ftp
- 331 Please specify the password.
- Password:
- 500 OOPS: vsftpd: refusing to run with writable anonymous root
- Login failed.
- [root@serv01 var]# chmod 755 ftp/
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): ftp
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- --Step 5: the fix is to create a new directory, change its permissions, and upload files into that new directory
- [root@serv01 ftp]# pwd
- /var/ftp
- [root@serv01 ftp]# mkdir upload
- [root@serv01 ftp]# chmod 777 upload
- [root@serv01 ftp]# ls -ld upload/
- drwxrwxrwx. 2 root root 4096 Aug 13 18:48 upload/
- --Step 6: edit the configuration file again to add the write_enable parameter, restart the service and retest; the upload succeeds
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- write_enable=yes
- anon_upload_enable=yes
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): ftp
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> !ls
- aa01.txt anaconda-ks.cfg initramfs-2.6.32-131.0.15.el6.x86_64.img install.log install.log.syslog
- ftp> ls
- 227 Entering Passive Mode (192,168,1,11,161,243).
- 150 Here comes the directory listing.
- drwxr-xr-x 2 0 0 4096 Aug 13 10:29 pub
- drwxrwxrwx 2 0 0 4096 Aug 13 10:48 upload
- 226 Directory send OK.
- ftp> cd upload
- 250 Directory successfully changed.
- #Upload succeeds
- ftp> put aa01.txt
- local: aa01.txt remote: aa01.txt
- 227 Entering Passive Mode (192,168,1,11,214,139).
- 150 Ok to send data.
- 226 Transfer complete.
- 6 bytes sent in 0.000119 secs (50.42 Kbytes/sec)
2.3 FTP: anonymous share directory in another location
- --Step 1: create the shared directory
- [root@serv01 vsftpd]# mkdir /share
- [root@serv01 vsftpd]# ls -ld /share/
- drwxr-xr-x. 2 root root 4096 Aug 13 19:09 /share/
- --Step 2: edit the configuration file
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- write_enable=yes
- anon_upload_enable=yes
- anon_root=/share
- --Step 3: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 4: copy a file and test
- [root@serv01 vsftpd]# cp /boot/initramfs-2.6.32-131.0.15.el6.x86_64.img /share/ -rvf
- `/boot/initramfs-2.6.32-131.0.15.el6.x86_64.img' -> `/share/initramfs-2.6.32-131.0.15.el6.x86_64.img'
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): ftp
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> ls
- 227 Entering Passive Mode (192,168,1,11,78,233).
- 150 Here comes the directory listing.
- -rw-r--r-- 1 0 0 12587318 Aug 13 11:11 initramfs-2.6.32-131.0.15.el6.x86_64.img
- 226 Directory send OK.
- ftp> pwd
- 257 "/"
- ftp>
- ftp> get initramfs-2.6.32-131.0.15.el6.x86_64.img
- local: initramfs-2.6.32-131.0.15.el6.x86_64.img remote: initramfs-2.6.32-131.0.15.el6.x86_64.img
- 227 Entering Passive Mode (192,168,1,11,120,127).
- 150 Opening BINARY mode data connection for initramfs-2.6.32-131.0.15.el6.x86_64.img (12587318 bytes).
- 226 Transfer complete.
- 12587318 bytes received in 0.149 secs (84466.18 Kbytes/sec)
- ftp> exit
- 221 Goodbye.
- [root@serv02 ~]# ls
- aa01.txt anaconda-ks.cfg initramfs-2.6.32-131.0.15.el6.x86_64.img install.log install.log.syslog
2.4 FTP: showing a banner message when an anonymous user logs in
- --Step 1: edit the configuration file
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- write_enable=yes
- anon_upload_enable=yes
- anon_root=/share
- ftpd_banner="Welcome to mysite!!!----justdb"
- --Step 2: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 3: test
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 "Welcome to mysite!!!----justdb"
2.5 Showing the contents of a file as the login banner
- --Step 1: create the file to be displayed at login
- [root@serv01 vsftpd]# pwd
- /etc/vsftpd
- [root@serv01 vsftpd]# vim my_banner
- [root@serv01 vsftpd]# cat my_banner
- ############
- #
- $
- @
- ^
- &
- ############
- --Step 2: edit the configuration file
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- write_enable=yes
- anon_upload_enable=yes
- anon_root=/share
- #ftpd_banner="Welcome to mysite!!!----justdb"
- banner_file=/etc/vsftpd/my_banner
- --Step 3: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 4: test
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220-############
- 220- #
- 220- $
- 220- @
- 220- ^
- 220- &
- 220-############
- 220
- Name (192.168.1.11:root):
2.6 FTP: per-directory messages describing each directory to anonymous users
- --Step 1: edit the vsftpd.conf file
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- write_enable=yes
- anon_upload_enable=yes
- anon_root=/share
- #ftpd_banner="Welcome to mysite!!!----justdb"
- #banner_file=/etc/vsftpd/my_banner
- dirmessage_enable=yes
- --Step 2: create the directories and their description (.message) files
- [root@serv01 share]# pwd
- /share
- [root@serv01 share]# mkdir upload
- [root@serv01 share]# mkdir download
- [root@serv01 share]# man vsftpd.conf
- [root@serv01 share]# cd upload
- [root@serv01 upload]# pwd
- /share/upload
- [root@serv01 upload]# vim .message
- [root@serv01 upload]# cd ../download/
- [root@serv01 download]# pwd
- /share/download
- [root@serv01 download]# vim .message
- [root@serv01 download]# cat .message
- this is download dir
- [root@serv01 download]# cat ../upload/.message
- this is upload dir
- --Step 3: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 4: test
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): ftp
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> cd upload
- 250-this is upload dir
- 250 Directory successfully changed.
- ftp> cd ../download
- 250-this is download dir
- 250 Directory successfully changed.
- ftp>
2.7 FTP: anonymous users creating directories in the shared directory
- --Step 1: first try creating a directory; it fails
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): ftp
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> cd upload
- 250-this is upload dir
- 250 Directory successfully changed.
- ftp> mkdir test
- 550 Permission denied.
- ftp>
- --Step 2: edit the file and add the anon_mkdir_write_enable parameter
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- write_enable=yes
- anon_upload_enable=yes
- anon_root=/share
- #ftpd_banner="Welcome to mysite!!!----justdb"
- #banner_file=/etc/vsftpd/my_banner
- dirmessage_enable=yes
- anon_mkdir_write_enable=yes
- --Step 3: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 4: test; it fails (550 Create directory operation failed.)
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): ftp
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> cd upload
- 250-this is upload dir
- 250 Directory successfully changed.
- ftp> mkdir test
- 550 Create directory operation failed.
- --Step 5: change the directory permissions; after logging in again the directory is created successfully
- [root@serv01 download]# chmod 777 ../upload/
- [root@serv01 download]# ls -ld ../upload/
- drwxrwxrwx. 2 root root 4096 Aug 13 19:28 ../upload/
- ftp> mkdir test
- 257 "/upload/test" created
- ftp>
2.8 FTP: allowing anonymous users to delete directories
- --Step 1: edit the configuration file and add the anon_other_write_enable parameter
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- write_enable=yes
- anon_upload_enable=yes
- anon_root=/share
- #ftpd_banner="Welcome to mysite!!!----justdb"
- #banner_file=/etc/vsftpd/my_banner
- dirmessage_enable=yes
- anon_mkdir_write_enable=yes
- anon_other_write_enable=yes
- --Step 2: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 3: test
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): ftp
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> cd upload
- 250-this is upload dir
- 250 Directory successfully changed.
- ftp> rm test
- 250 Remove directory operation successful.
- ftp> mkdir test
- 257 "/upload/test" created
- ftp> rmdir test
- 250 Remove directory operation successful.
- ftp>
- #Delete a file (delete command)
- ftp> delete aa01.txt
- 250 Delete operation successful.
2.9 FTP: limiting anonymous download speed
- --Step 1: install the FTP client
- [root@larrywen opt]# yum install lftp -y
- --Step 2: copy a file to test with
- [root@larrywen ~]# cp /opt/soft/begin/RevolutionOS操作系统革命.rmvb .
- --Step 3: upload the file; it is very fast, and if too many users connect this puts heavy load on the system
- [root@larrywen ~]# lftp 192.168.1.11
- lftp 192.168.1.11:~> cd upload
- cd ok, cwd=/upload
- lftp 192.168.1.11:/upload> put RevolutionOS操作系统革命.rmvb
- 288570185 bytes transferred in 3 seconds (103.65M/s)
- lftp 192.168.1.11:/upload> exit
- --Step 4: edit the configuration file
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- write_enable=yes
- anon_upload_enable=yes
- anon_root=/share
- #ftpd_banner="Welcome to mysite!!!----justdb"
- #banner_file=/etc/vsftpd/my_banner
- dirmessage_enable=yes
- anon_mkdir_write_enable=yes
- anon_other_write_enable=yes
- #Usually set to around 120K
- anon_max_rate=1024000
- --Step 5: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 6: upload again; the speed is now about 1M
- [root@larrywen ~]# lftp 192.168.1.11
- lftp 192.168.1.11:~> cd upload
- cd ok, cwd=/upload
- lftp 192.168.1.11:/upload> put RevolutionOS操作系统革命.rmvb
- 288570185 bytes transferred in 283 seconds (995.1K/s)
2.10 FTP: limiting the number of clients
- --Step 1: edit the configuration file and add the max_clients parameter
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- write_enable=yes
- anon_upload_enable=yes
- anon_root=/share
- #ftpd_banner="Welcome to my site!!!----justdb"
- #banner_file=/etc/vsftpd/my_banner
- dirmessage_enable=yes
- anon_mkdir_write_enable=yes
- anon_other_write_enable=yes
- anon_max_rate=1024000
- max_clients=3
- --Step 2: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
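- --Step 3: test
- #Open three terminals in a row and make an FTP connection from each with ftp or lftp; the fourth attempt fails and cannot connect, so the setting is in effect (but this way one user with 3 terminals takes every slot and no other user can connect)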
- [root@larrywen 0813]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 421 There are too many connected users, please try later.
2.11 FTP: limiting how many connections a single user may have
- --Step 1: edit the configuration file and add the max_per_ip parameter
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- write_enable=yes
- anon_upload_enable=yes
- anon_root=/share
- #ftpd_banner="Welcome to mysite!!!----justdb"
- #banner_file=/etc/vsftpd/my_banner
- dirmessage_enable=yes
- anon_mkdir_write_enable=yes
- anon_other_write_enable=yes
- anon_max_rate=1024000
- max_clients=10
- max_per_ip=2
- --Step 2: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 3: test. After the physical host has made 2 connections, a third is refused with "There are too many connections from your internet address", while users at other IP addresses are unaffected
- [root@larrywen ~]# ftp 192.168.1.11
- [root@larrywen ~]# ftp 192.168.1.11
- [root@larrywen ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 421 There are too many connections from your internet address.
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): ftp
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
2.12 FTP: changing the permissions of anonymously uploaded files
- --Step 1: edit the configuration file and add the anon_umask parameter
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- write_enable=yes
- anon_upload_enable=yes
- anon_root=/share
- #ftpd_banner="Welcome to mysite!!!----justdb"
- #banner_file=/etc/vsftpd/my_banner
- dirmessage_enable=yes
- anon_mkdir_write_enable=yes
- anon_other_write_enable=yes
- anon_max_rate=1024000
- max_clients=10
- max_per_ip=2
- anon_umask=022
- --Step 2: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 3: test. Upload a file; its permissions are now 644
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): ftp
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> cd upload
- 250-this is upload dir
- 250 Directory successfully changed.
- ftp> put aa01.txt
- local: aa01.txt remote: aa01.txt
- 227 Entering Passive Mode (192,168,1,11,149,59).
- 150 Ok to send data.
- 226 Transfer complete.
- 6 bytes sent in 9.9e-05 secs (60.61 Kbytes/sec)
- ftp> ls aa01.txt
- 227 Entering Passive Mode (192,168,1,11,47,44).
- 150 Here comes the directory listing.
- -rw-r--r-- 1 14 50 6 Aug 13 14:09 aa01.txt
- 226 Directory send OK.
- ftp>
2.13 FTP: changing the owner of anonymously uploaded files
- --Step 1: check the owner of the uploaded files; the owner is ftp
- [root@serv01 upload]# ll
- total 281812
- -rw-r--r--. 1 ftp ftp 6 Aug 13 22:09 aa01.txt
- -rw-------. 1 ftp ftp 288570185 Aug 13 20:04 RevolutionOS操作系统革命.rmvb
- --Step 2: create a user
- [root@serv01 vsftpd]# useradd larry
- --Step 3: edit the configuration file and add the chown_uploads and chown_username parameters
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- write_enable=yes
- anon_upload_enable=yes
- anon_root=/share
- #ftpd_banner="Welcome to mysite!!!----justdb"
- #banner_file=/etc/vsftpd/my_banner
- dirmessage_enable=yes
- anon_mkdir_write_enable=yes
- anon_other_write_enable=yes
- anon_max_rate=1024000
- max_clients=10
- max_per_ip=2
- anon_umask=022
- chown_uploads=yes
- chown_username=larry
- --Step 4: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 5: upload a file and check the file owner again; it has changed
- [root@serv02 ~]# echo "hello" >> aa02.txt
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): ftp
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> cd upload
- 250-this is upload dir
- 250 Directory successfully changed.
- ftp> put aa02.txt
- local: aa02.txt remote: aa02.txt
- 227 Entering Passive Mode (192,168,1,11,143,83).
- 150 Ok to send data.
- 226 Transfer complete.
- 6 bytes sent in 0.000114 secs (52.63 Kbytes/sec)
- ftp>
- [root@serv01 upload]# ll *.txt
- -rw-r--r--. 1 ftp ftp 6 Aug 13 22:09 aa01.txt
- -rw-------. 1 larry ftp 6 Aug 13 22:15 aa02.txt
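Sections 2.2 to 2.13 widen what an anonymous visitor may do one parameter at a time. The following audit is an added example, not part of the original page: it reads a vsftpd.conf and lists the anonymous-write exposure that results. The three sample configurations are copied from sections 2.8, 2.12 and 2.13; the fallback values (anonymous_enable=YES, anon_umask=077, file_open_mode=0666, chown_upload_mode=0600, chown_username=root, connection limits 0) are vsftpd's documented defaults and are not stated on the page.

```python
def parse_conf(text):
    """Parse vsftpd.conf text: key=value lines, '#' starts a comment line."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def is_yes(conf, key, default):
    return conf.get(key, default).upper() in ("YES", "TRUE", "1")


def upload_mode(conf):
    """Permission bits an anonymously uploaded file ends up with."""
    if is_yes(conf, "chown_uploads", "NO"):
        # chown()ed uploads get a forced mode instead of the umask result.
        return int(conf.get("chown_upload_mode", "0600"), 8)
    base = int(conf.get("file_open_mode", "0666"), 8)
    return base & ~int(conf.get("anon_umask", "077"), 8)


def audit_anonymous(text):
    """Return [(setting, consequence)] for the anonymous-access surface."""
    conf = parse_conf(text)
    findings = []
    if not is_yes(conf, "anonymous_enable", "YES"):
        return findings  # anonymous login is off, nothing to report
    writable = is_yes(conf, "write_enable", "NO")
    upload = writable and is_yes(conf, "anon_upload_enable", "NO")
    if upload:
        findings.append(("anon_upload_enable", "anyone can store files on the server"))
    if writable and is_yes(conf, "anon_mkdir_write_enable", "NO"):
        findings.append(("anon_mkdir_write_enable", "anyone can create directories"))
    if writable and is_yes(conf, "anon_other_write_enable", "NO"):
        findings.append(("anon_other_write_enable", "anyone can delete or rename content"))
    if upload and upload_mode(conf) & 0o004:
        findings.append(("anon_umask", "uploads are world-readable, so any visitor can fetch them back"))
    if upload and is_yes(conf, "chown_uploads", "NO") and conf.get("chown_username", "root") == "root":
        findings.append(("chown_username", "uploaded files become root-owned"))
    for key in ("max_clients", "max_per_ip"):
        if int(conf.get(key, "0")) == 0:
            findings.append((key, "no connection limit (0 means unlimited)"))
    return findings


# Configurations as shown in sections 2.8, 2.12 and 2.13 of this page.
CONF_2_8 = """listen=yes
write_enable=yes
anon_upload_enable=yes
anon_root=/share
#banner_file=/etc/vsftpd/my_banner
dirmessage_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
"""
CONF_2_12 = CONF_2_8 + "anon_max_rate=1024000\nmax_clients=10\nmax_per_ip=2\nanon_umask=022\n"
CONF_2_13 = CONF_2_12 + "chown_uploads=yes\nchown_username=larry\n"

if __name__ == "__main__":
    for name, text in (("2.8", CONF_2_8), ("2.12", CONF_2_12), ("2.13", CONF_2_13)):
        print(name, oct(upload_mode(parse_conf(text))), [k for k, _ in audit_anonymous(text)])
```

The computed modes (600, 644, 600) match the `ls` output on the page for the files uploaded before `anon_umask`, after it, and after `chown_uploads`.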
3 FTP: authorized users
3.1 FTP: authorized users, a basic test
- --Step 1: create local accounts
- #Use local accounts (user name and password)
- [root@serv01 vsftpd]# useradd larry
- [root@serv01 vsftpd]# passwd larry
- [root@serv01 vsftpd]# useradd justdb
- [root@serv01 vsftpd]# passwd justdb
- [root@serv01 vsftpd]# id larry
- uid=500(larry) gid=500(larry) groups=500(larry)
- [root@serv01 vsftpd]# id justdb
- uid=501(justdb) gid=501(justdb) groups=501(justdb)
- --Step 2: edit the configuration file
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- anonymous_enable=no
- local_enable=yes
- --Step 3: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 4: test. Neither the anonymous user nor the local account can log in
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): ftp
- 331 Please specify the password.
- Password:
- 530 Login incorrect.
- Login failed.
- ftp> ls
- 530 Please login with USER and PASS.
- Passive mode refused.
- ftp> exit
- 221 Goodbye.
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): larry
- 331 Please specify the password.
- Password:
- 530 Login incorrect.
- Login failed.
- ftp>
- #PAM: Pluggable Authentication Modules
- #Idea: decouple the concrete authentication mechanism from the concrete system, which keeps things flexible
- [root@serv01 upload]# ls /etc/pam.d/
- chfn fingerprint-auth-ac passwd reboot runuser-l sshd su-l
- chsh halt password-auth remote smartcard-auth ssh-keycat system-auth
- config-util login password-auth-ac rhn_register smartcard-auth-ac su system-auth-ac
- crond newrole polkit-1 run_init smtp sudo vsftpd
- fingerprint-auth other poweroff runuser smtp.postfix sudo-i
- [root@serv01 upload]# cat /etc/pam.d/vsftpd
- #%PAM-1.0
- session optional pam_keyinit.so force revoke
- auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
- auth required pam_shells.so
- auth include password-auth
- account include password-auth
- session required pam_loginuid.so
- session include password-auth
3.2 FTP: authorized users, fixing the login failure
- --Step 1: edit the configuration file and add the pam_service_name parameter
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- anonymous_enable=no
- local_enable=yes
- pam_service_name=vsftpd
- --Step 2: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 3: test from serv02. Log in as larry with the matching password; login succeeds and lands in the user's home directory
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): larry
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp>
- ftp> pwd
- 257 "/home/larry"
- #Go to the home directory and copy a file into it
- [root@serv01 upload]# cd /home/larry/
- [root@serv01 larry]# ll
- total 0
- [root@serv01 larry]# cp /boot/initramfs-2.6.32-131.0.15.el6.x86_64.img . -rvf
- `/boot/initramfs-2.6.32-131.0.15.el6.x86_64.img' -> `./initramfs-2.6.32-131.0.15.el6.x86_64.img'
- #Download
- ftp> get initramfs-2.6.32-131.0.15.el6.x86_64.img
- local: initramfs-2.6.32-131.0.15.el6.x86_64.img remote: initramfs-2.6.32-131.0.15.el6.x86_64.img
- 227 Entering Passive Mode (192,168,1,11,121,102).
- 150 Opening BINARY mode data connection for initramfs-2.6.32-131.0.15.el6.x86_64.img (12587318 bytes).
- 226 Transfer complete.
- 12587318 bytes received in 0.135 secs (93157.27 Kbytes/sec)
- ftp> exit
- 221 Goodbye.
- [root@serv02 ~]# ls initramfs-2.6.32-131.0.15.el6.x86_64.img
- initramfs-2.6.32-131.0.15.el6.x86_64.img
3.3 FTP: authorized users, changing the shared directory
- --Step 1: edit the configuration file and add the local_root parameter
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- anonymous_enable=no
- local_enable=yes
- pam_service_name=vsftpd
- local_root=/share
- --Step 2: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 3: test
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): larry
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> pwd
- 257 "/share"
- ftp>
3.4 FTP: authorized users, allowing uploads
- --Step 1: edit the configuration file and add the write_enable parameter
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- anonymous_enable=no
- local_enable=yes
- pam_service_name=vsftpd
- local_root=/share
- write_enable=yes
- --Step 2: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 3: test; uploading works
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): larry
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> cd upload
- 250 Directory successfully changed.
- ftp> put aa01.txt
- local: aa01.txt remote: aa01.txt
- 227 Entering Passive Mode (192,168,1,11,190,171).
- 150 Ok to send data.
- 226 Transfer complete.
- 6 bytes sent in 5.4e-05 secs (111.11 Kbytes/sec)
- ftp>
3.5 FTP: authorized users, limiting speed
- --Step 1: edit the configuration file and add the local_max_rate parameter
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- anonymous_enable=no
- local_enable=yes
- pam_service_name=vsftpd
- local_root=/share
- write_enable=yes
- local_max_rate=1024000
- --Step 2: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 3: test.
- [root@larrywen ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): larry
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> cd upload
- 250 Directory successfully changed.
- ftp> put RevolutionOS操作系统革命.rmvb
- local: RevolutionOS操作系统革命.rmvb remote: RevolutionOS操作系统革命.rmvb
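- 227 Entering Passive Mode (192,168,1,11,198,237).
- 150 Ok to send data.
- 126902272 bytes sent in 124 secs (1022.06 Kbytes/sec)
- #watch can be used to follow the file growing in real time
- [root@serv01 upload]# watch ls -lh
3.6 FTP: authorized users, limiting the number of clients and the number of logins per IP (same as for anonymous users)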
#max_clients=10
#max_per_ip=2
3.7 FTP: authorized users, blocking users from logging in
- #The root user cannot log in
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): root
- 331 Please specify the password.
- Password:
- 530 Login incorrect.
- Login failed.
- --Step 1: append the user to the ftpusers file
- [root@serv01 vsftpd]# cat ftpusers
- # Users that are not allowed to login via ftp
- root
- bin
- daemon
- adm
- lp
- sync
- shutdown
- halt
- news
- uucp
- operator
- games
- nobody
- [root@serv01 vsftpd]# echo "justdb" >> ./ftpusers
- [root@serv01 vsftpd]# tail -n1 ftpusers
- justdb
- --Step 2: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 3: test
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): justdb
- 331 Please specify the password.
- Password:
- 530 Login incorrect.
- Login failed.
3.8 FTP: authorized users, allowing the root user to log in
- [root@serv01 vsftpd]# vim ftpusers
- [root@serv01 vsftpd]# head -n2 ftpusers
- # Users that are not allowed to login via ftp
- #root
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): root
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> ls
- 227 Entering Passive Mode (192,168,1,11,30,219).
- 150 Here comes the directory listing.
- drwxr-xr-x 2 0 0 4096 Aug 13 11:28 download
- -rw-r--r-- 1 0 0 12587318 Aug 13 11:11 initramfs-2.6.32-131.0.15.el6.x86_64.img
- drwxrwxrwx 2 0 0 4096 Aug 13 15:04 upload
- 226 Directory send OK.
3.9 FTP: authorized users, allowing only some users to log in
- --Step 1: edit the configuration file
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- anonymous_enable=no
- local_enable=yes
- pam_service_name=vsftpd
- local_root=/share
- write_enable=yes
- local_max_rate=1024000
- #max_clients=10
- #max_per_ip=2
- userlist_enable=yes
- userlist_deny=NO
- --Step 2: edit user_list and add larry to it
- [root@serv01 vsftpd]# vim user_list
- [root@serv01 vsftpd]# tail -n1 user_list
- larry
- --Step 3: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 4: test. larry can log in; justdb cannot
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): justdb
- 530 Permission denied.
- Login failed.
- ftp> exit
- 221 Goodbye.
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): larry
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
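#To deny login, simply add the user to the ftpusers file
#Typical use: if there are many users who must all be denied login, list them in the ftpusers file and set userlist_enable=no userlist_deny=YES in vsftpd.conf (this parameter may also be left unset); if they should all be allowed to log in, list them in the user_list file and set userlist_enable=yes userlist_deny=NO in vsftpd.conf
3.10 FTP: authorized users and chroot
- #chroot: when it is not applied, ordinary users can all enter the root directory and download sensitive files
- [root@serv01 vsftpd]# vim vsftpd.conf
- --Step 1: edit the configuration file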
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- anonymous_enable=no
- local_enable=yes
- pam_service_name=vsftpd
- local_root=/share
- write_enable=yes
- local_max_rate=1024000
- #max_clients=10
- #max_per_ip=2
- #userlist_enable=yes
- #userlist_deny=yes
- chroot_list_enable=yes
- #If chroot_local_user is yes, users listed in chroot_list_file are not confined by chroot, and users not listed in chroot_list_file are confined.
- chroot_local_user=yes
- chroot_list_file=/etc/vsftpd/chroot_list
- #If chroot_local_user is no, users listed in chroot_list_file are confined by chroot, and users not listed in chroot_list_file are not confined.
- #chroot_local_user=no
- #chroot_list_file=/etc/vsftpd/chroot_list
- --Step 2: create the chroot_list file
- [root@serv01 vsftpd]# vim chroot_list
- [root@serv01 vsftpd]# cat chroot_list
- larry
- --Step 3: restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 4: test. larry is not confined by chroot and can enter the root directory; justdb is confined by chroot and cannot reach the real root, only the shared directory
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): larry
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> pwd
- 257 "/share"
- ftp> cd /
- 250 Directory successfully changed.
- ftp> ls
- 227 Entering Passive Mode (192,168,1,11,92,126).
- 150 Here comes the directory listing.
- dr-xr-xr-x 2 0 0 4096 Jul 22 16:55 bin
- dr-xr-xr-x 5 0 0 1024 Jul 22 16:56 boot
- drwxr-xr-x 15 0 0 3580 Aug 13 11:46 dev
- drwxr-xr-x 73 0 0 4096 Aug 13 14:23 etc
- drwxr-xr-x 4 0 0 4096 Aug 13 14:23 home
- dr-xr-xr-x 12 0 0 8192 May 10 2011 iso
- dr-xr-xr-x 8 0 0 4096 Jul 22 16:55 lib
- dr-xr-xr-x 8 0 0 12288 Jul 22 16:55 lib64
- drwx------ 2 0 0 16384 Jul 22 16:54 lost+found
- drwxr-xr-x 2 0 0 4096 Dec 04 2009 media
- drwxr-xr-x 2 0 0 4096 Dec 04 2009 mnt
- drwxr-xr-x 3 0 0 4096 Dec 04 2009 opt
- dr-xr-xr-x 89 0 0 0 Aug 13 10:22 proc
- dr-xr-x--- 2 0 0 4096 Aug 13 15:44 root
- dr-xr-xr-x 2 0 0 4096 Jul 22 16:56 sbin
- drwxr-xr-x 7 0 0 0 Aug 13 10:22 selinux
- drwxr-xr-x 4 0 0 4096 Aug 13 11:26 share
- drwxr-xr-x 2 0 0 4096 Dec 04 2009 srv
- drwxr-xr-x 13 0 0 0 Aug 13 10:22 sys
- drwxrwxrwt 3 0 0 4096 Aug 13 15:29 tmp
- drwxr-xr-x 13 0 0 4096 Jul 22 16:54 usr
- drwxr-xr-x 18 0 0 4096 Aug 13 10:23 var
- 226 Directory send OK.
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): justdb
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> pwd
- 257 "/"
- ftp> cd /
- 250 Directory successfully changed.
- ftp> pwd
- 257 "/"
- ftp> ls
- 227 Entering Passive Mode (192,168,1,11,208,89).
- 150 Here comes the directory listing.
- drwxr-xr-x 2 0 0 4096 Aug 13 11:28 download
- -rw-r--r-- 1 0 0 12587318 Aug 13 11:11 initramfs-2.6.32-131.0.15.el6.x86_64.img
- drwxrwxrwx 2 0 0 4096 Aug 13 15:04 upload
- 226 Directory send OK.
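The chroot rule tested above, as an added example that is not part of the original article: a small checker that reads a vsftpd.conf and reports whether a local user would be jailed. The function names (conf_get, is_yes, is_chrooted, make_chroot_sample) are hypothetical, and the sample files are constructed in a temporary directory.

```sh
#!/bin/sh
# Added example, not from the original article: would vsftpd jail USER?
# Implements the chroot_local_user / chroot_list_enable rule described above.

# Last uncommented value of KEY in CONF, or DEFAULT when the key is absent.
conf_get() {  # conf_get CONF KEY DEFAULT
    awk -F= -v k="$2" -v d="$3" \
        '$1 == k { d = substr($0, length(k) + 2) } END { print d }' "$1"
}

# vsftpd accepts YES, TRUE and 1 (any case) as true.
is_yes() {
    case "$1" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1) return 0 ;; *) return 1 ;; esac
}

# Exit status: 0 = jailed, 1 = not jailed, 2 = list enabled but unreadable.
is_chrooted() (  # is_chrooted CONF USER; the body runs in a subshell
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    # /etc/vsftpd.chroot_list is the upstream default path.
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    if is_yes "$use_list"; then
        [ -r "$list" ] || exit 2
        grep -qxF -e "$2" "$list" && listed=yes
    fi
    if is_yes "$all"; then
        [ "$listed" = no ]    # everyone is jailed, listed users are exempt
    else
        [ "$listed" = yes ]   # nobody is jailed, except listed users
    fi
)

# Constructed sample: larry is listed, chroot_local_user comes from $1.
make_chroot_sample() {
    d=$(mktemp -d)
    echo larry > "$d/chroot_list"
    printf '%s\n' 'chroot_list_enable=yes' "chroot_local_user=$1" \
        "chroot_list_file=$d/chroot_list" > "$d/vsftpd.conf"
    echo "$d/vsftpd.conf"
}

conf=$(make_chroot_sample yes)
for u in larry justdb; do
    if is_chrooted "$conf" "$u"; then echo "$u: jailed"; else echo "$u: NOT jailed"; fi
done
```

Any account reported as not jailed can list the whole server filesystem, as the larry session above shows, so the list file deserves the same review as the main configuration.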
3.11 ftp: per-user settings for authorized users (one user may upload, the others may not)
- --Step 1, edit vsftpd.conf and add the user_config_dir parameter
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- anonymous_enable=no
- local_enable=yes
- pam_service_name=vsftpd
- local_root=/share
- #write_enable=yes
- local_max_rate=1024000
- #max_clients=10
- #max_per_ip=2
- #userlist_enable=yes
- #userlist_deny=yes
- chroot_list_enable=yes
- chroot_local_user=yes
- chroot_list_file=/etc/vsftpd/chroot_list
- user_config_dir=/etc/vsftpd/user_conf
- --Step 2, create the directory and, inside it, a file named after the user
- [root@serv01 vsftpd]# mkdir /etc/vsftpd/user_conf
- [root@serv01 vsftpd]# ll user_conf/ -ld
- drwxr-xr-x. 2 root root 4096 Aug 13 23:53 user_conf/
- [root@serv01 vsftpd]# cd user_conf/
- [root@serv01 user_conf]# vim larry
- [root@serv01 user_conf]# cat larry
- write_enable=yes
- --Step 3, restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 4, test: larry can upload, justdb cannot
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): larry
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> cd upload
- 250 Directory successfully changed.
- ftp> !ls
- aa01.txt aa02.txt anaconda-ks.cfg initramfs-2.6.32-131.0.15.el6.x86_64.img install.log install.log.syslog -l
- ftp> put aa01.txt
- local: aa01.txt remote: aa01.txt
- 227 Entering Passive Mode (192,168,1,11,214,219).
- 150 Ok to send data.
- 226 Transfer complete.
- 6 bytes sent in 0.0001 secs (60.00 Kbytes/sec)
- ftp> exit
- 221 Goodbye.
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): justdb
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> cd upload
- 250 Directory successfully changed.
- ftp> put aa02.txt
- local: aa02.txt remote: aa02.txt
- 227 Entering Passive Mode (192,168,1,11,183,231).
- 550 Permission denied.
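- #Note: the per-user setting takes precedence. If vsftpd.conf contains write_enable=yes and the user's file contains write_enable=no, that user still cannot upload.
3.12 ftp: authorized users, per-user precedence test
- --Step 1, edit the configuration: add the write_enable parameter to vsftpd.conf and change it to no in the larry file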
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- anonymous_enable=no
- local_enable=yes
- pam_service_name=vsftpd
- local_root=/share
- write_enable=yes
- local_max_rate=1024000
- #max_clients=10
- #max_per_ip=2
- #userlist_enable=yes
- #userlist_deny=yes
- chroot_list_enable=yes
- chroot_local_user=yes
- chroot_list_file=/etc/vsftpd/chroot_list
- user_config_dir=/etc/vsftpd/user_conf
- [root@serv01 vsftpd]# cat user_conf/larry
- write_enable=no
- --Step 2, restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 3, test: larry cannot upload, justdb can upload
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): larry
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> cd upload
- 250 Directory successfully changed.
- ftp> put aa01.txt
- local: aa01.txt remote: aa01.txt
- 227 Entering Passive Mode (192,168,1,11,147,45).
- 550 Permission denied.
- ftp> exit
- 221 Goodbye.
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): justdb
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> cd upload
- 250 Directory successfully changed.
- ftp> put aa02.txt
- local: aa02.txt remote: aa02.txt
- 227 Entering Passive Mode (192,168,1,11,90,8).
- 150 Ok to send data.
- 226 Transfer complete.
- 6 bytes sent in 9.1e-05 secs (65.93 Kbytes/sec)
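The precedence tested in 3.11 and 3.12, as an added example that is not part of the original article: a resolver that reports the value vsftpd would apply to a given user once user_config_dir is taken into account. The function names (effective_setting, can_upload, make_sample) are hypothetical, and the sample layout is constructed under a temporary directory rather than /etc/vsftpd.

```sh
#!/bin/sh
# Added example, not from the original article: resolve the value vsftpd
# applies to one user when user_config_dir is set. The per-user file is read
# after vsftpd.conf, so a key set there overrides the global value.

effective_setting() (  # effective_setting CONF USER KEY DEFAULT
    dir=$(awk -F= '$1 == "user_config_dir" { d = substr($0, length($1) + 2) }
                   END { print d }' "$1")
    user_file=/dev/null               # no per-user file: nothing overrides
    if [ -n "$dir" ] && [ -f "$dir/$2" ]; then user_file=$dir/$2; fi
    # Later assignments win, so the per-user file is listed last.
    awk -F= -v k="$3" -v d="$4" \
        '$1 == k { d = substr($0, length(k) + 2) } END { print d }' \
        "$1" "$user_file"
)

can_upload() {  # can_upload CONF USER; write_enable defaults to NO
    case "$(effective_setting "$1" "$2" write_enable NO)" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed copy of the layouts tested above, under a temp directory:
# $1 is the global write_enable line, $2 the content of user_conf/larry.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/user_conf"
    printf '%s\n' 'listen=yes' 'local_enable=yes' "$1" \
        "user_config_dir=$d/user_conf" > "$d/vsftpd.conf"
    echo "$2" > "$d/user_conf/larry"
    echo "$d/vsftpd.conf"
}

conf=$(make_sample 'write_enable=yes' 'write_enable=no')   # section 3.12
for u in larry justdb; do
    if can_upload "$conf" "$u"; then echo "$u: upload allowed"
    else echo "$u: upload denied"; fi
done
```

The result covers only the write_enable switch; the directory's filesystem permissions still decide whether a permitted upload succeeds.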
3.13 ftp: virtual accounts for authorized users
- [root@serv01 vsftpd]# cd /usr/share/doc/vsftpd-2.2.2/EXAMPLE/VIRTUAL_USERS
- [root@serv01 VIRTUAL_USERS]# ll
- --Step 1, create the real user larry and set its password
- [root@serv01 vsftpd]# useradd larry
- [root@serv01 vsftpd]# passwd larry
- --Step 2, create the logins.txt file with the following content
- [root@serv01 ~]# vim logins.txt
- [root@serv01 ~]# cat logins.txt
- #Note: one line for the user name, one line for the password, alternating
- larry01
- 123456
- larry02
- 123456
- larry03
- 123456
- larry04
- 123456
- --Step 3, create the login.db file
- [root@serv01 ~]# db_load -T -t hash -f logins.txt /etc/vsftpd/login.db
- [root@serv01 ~]# cd /etc/vsftpd/
- --Step 4, change the permissions
- [root@serv01 vsftpd]# chmod 600 login.db
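- --Step 5, create the PAM file with the following content (it can be copied from /usr/share/doc/vsftpd-2.2.2/EXAMPLE/VIRTUAL_USERS/README). Note that because the system I am using is 64-bit, lib has to be changed to lib64, otherwise the module file cannot be found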
- [root@serv01 vsftpd]# vim /etc/pam.d/ftp
- [root@serv01 vsftpd]# cat /etc/pam.d/ftp
- auth required /lib/security/pam_userdb.so db=/etc/vsftpd/login
- account required /lib/security/pam_userdb.so db=/etc/vsftpd/login
- [root@serv01 vsftpd]# ls /lib/security/pam_userdb.so
- ls: cannot access /lib/security/pam_userdb.so: No such file or directory
- [root@serv01 vsftpd]# vim /etc/pam.d/ftp
- [root@serv01 vsftpd]# ls /lib64/security/pam_userdb.so
- /lib64/security/pam_userdb.so
- [root@serv01 vsftpd]# cat /etc/pam.d/ftp
- auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/login
- account required /lib64/security/pam_userdb.so db=/etc/vsftpd/login
- --Step 6, edit the vsftpd.conf configuration file
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- anonymous_enable=no
- local_enable=yes
- pam_service_name=ftp
- local_root=/share
- write_enable=yes
- local_max_rate=1024000
- #max_clients=10
- #max_per_ip=2
- #userlist_enable=yes
- #userlist_deny=yes
- chroot_list_enable=yes
- chroot_local_user=yes
- chroot_list_file=/etc/vsftpd/chroot_list
- user_config_dir=/etc/vsftpd/user_conf
- guest_enable=yes
- guest_username=larry
- --Step 7, restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 8, test; note that you log in as the virtual users, for example larry01 and larry02
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): larry01
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> exit
- 221 Goodbye.
- [root@serv02 ~]# ftp 192.168.1.11
- Connected to 192.168.1.11 (192.168.1.11).
- 220 (vsFTPd 2.2.2)
- Name (192.168.1.11:root): larry02
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> exit
- 221 Goodbye.
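- --Step 9, verify. You can see that up01 and up02 do not exist on the real system
- #Note: ip is the network configuration tool, so the errors below do not show whether an account exists; id larry01 or getent passwd larry01 queries the system account database.
- [root@serv01 vsftpd]# ip up01
- Object "up01" is unknown, try "ip help".
- [root@serv01 vsftpd]# ip larry01
- Object "larry01" is unknown, try "ip help".
- [root@serv01 vsftpd]# ip larry02
- Object "larry02" is unknown, try "ip help".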
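A pre-flight check for step 2 of the virtual-user procedure, as an added example that is not part of the original article: it validates the alternating name/password layout of logins.txt and flags a credential file that other accounts can read. The function names (check_logins, make_logins_sample) are hypothetical and the sample file is constructed.

```sh
#!/bin/sh
# Added example, not from the original article: sanity-check logins.txt
# before db_load. Format per the article: user name and password on
# alternating lines.

check_logins() (  # check_logins FILE -> findings on stdout, exit 1 if any
    loose=0   # clear-text passwords: only the owner should be able to read
    [ -n "$(find "$1" \( -perm -040 -o -perm -004 \))" ] && loose=1
    out=$(awk -v loose="$loose" '
        NR % 2 == 1 {
            user = $0
            if (user == "")        print "line " NR ": empty user name"
            else if (seen[user]++) print "line " NR ": duplicate user " user
            next
        }
        $0 == "" { print "line " NR ": empty password for " user }
        END {
            if (NR % 2) print "line " NR ": user " user " has no password line"
            if (loose)  print "mode: readable by group or others"
        }' "$1")
    [ -z "$out" ] && exit 0
    printf '%s\n' "$out"
    exit 1
)

# Constructed sample: larry02 appears twice and larry04 has no password.
make_logins_sample() {
    f=$(mktemp)
    printf '%s\n' larry01 123456 larry02 123456 larry02 abcdef larry04 > "$f"
    chmod 644 "$f"
    echo "$f"
}

sample=$(make_logins_sample)
check_logins "$sample" || echo "fix these before running db_load"
rm -f "$sample"
```

The chmod 600 in step 4 protects only login.db; once the database is built, logins.txt should be deleted or kept at mode 600 as well.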
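4 ftp: lab exercise
Requirements
/share: both anonymous users and accounts can download
/share/upload: anonymous users cannot enter (download); authorized users (up01 up02 up03) can download; only up01 can upload
Samba: neither anonymous nor authorized accounts can access it
Solution
- --Step 1, install vsftpd
- [root@serv01 dhcp]# yum install vsftpd* -y
- --Step 2, create the directories; share has mode 755, upload has mode 777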
- [root@serv01 vsftpd]# mkdir /share
- [root@serv01 vsftpd]# mkdir /share/upload
- [root@serv01 vsftpd]# chmod 755 /share
- [root@serv01 vsftpd]# chmod 777 /share/upload
- --Step 3, create the users and set their passwords
- [root@serv01 user_conf]# useradd up01
- [root@serv01 user_conf]# passwd up01
- [root@serv01 user_conf]# useradd up02
- [root@serv01 user_conf]# passwd up02
- [root@serv01 user_conf]# useradd up03
- [root@serv01 user_conf]# passwd up03
- --Step 4, edit the configuration file as follows
- [root@serv01 vsftpd]# mv vsftpd.conf vsftpd.conf.bak
- [root@serv01 vsftpd]# echo "" > vsftpd.conf
- [root@serv01 vsftpd]# vim vsftpd.conf
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- anon_upload_enable=yes
- anon_root=/share
- local_enable=yes
- anonymous_enable=yes
- pam_service_name=vsftpd
- local_root=/share/upload
- user_config_dir=/etc/vsftpd/user_conf
- --Step 5, create the user_conf directory and the files up01, up02 and up03 with the following content
- [root@serv01 ~]# mkdir /etc/vsftpd/user_conf
- [root@serv01 ~]# cd /etc/vsftpd/user_conf
- [root@serv01 user_conf]# vim up01
- [root@serv01 user_conf]# vim up02
- [root@serv01 user_conf]# vim up03
- [root@serv01 user_conf]# cat up01
- write_enable=yes
- [root@serv01 user_conf]# cat up02
- write_enable=no
- [root@serv01 user_conf]# cat up03
- write_enable=no
- --Step 6, restart the service
- [root@serv01 vsftpd]# /etc/init.d/vsftpd restart
- Shutting down vsftpd: [ OK ]
- Starting vsftpd for vsftpd: [ OK ]
- --Step 7, test
Alternative implementation
- [root@serv01 vsftpd]# cat vsftpd.conf
- listen=yes
- anon_upload_enable=yes
- anon_root=/share
- local_enable=yes
- anonymous_enable=yes
- pam_service_name=vsftpd
- local_root=/upload
- user_config_dir=/etc/vsftpd/user_conf
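- #The /share/upload/ directory has mode 770 or 744 and its group is uplook; up01, up02 and up03 all belong to this group. Part of the access control is done through the group and the directory permissions.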
- [root@serv01 vsftpd]# chmod 770 /share/upload
- #Everything else is the same
5 References